liktejas · vncloudsco · Jul 26, 2021
diff --git a/confirm.php b/confirm.php
@@ -57,7 +57,7 @@
   </head>
     <?php
 
-    $email = $_GET['email'];
+    $email = mysqli_real_escape_string($conn, $_GET['email']);
     if(isset($_POST['confirm']))
     {
         $new_password = base64_encode($_POST['newpassword']);

diff --git a/confirm_register.php b/confirm_register.php
@@ -58,10 +58,10 @@
     <form class="form-signin" method="POST">
     <?php
 
-    $email = $_GET['email'];
+    $email = mysqli_real_escape_string($conn, $_GET['email']);
       if(isset($_POST['register']))
       {
-        $name = $_POST['name'];
+        $name = mysqli_real_escape_string($conn, $_POST['name']);
         $password = base64_encode($_POST['password']);
         $repassword = base64_encode($_POST['repassword']);
 

diff --git a/deactivate.php b/deactivate.php
@@ -5,7 +5,7 @@
      	{
 		   header('Location: '.$base_url.'index.php');
     	}
-    $email = $_SESSION['email'];
+    $email = mysqli_real_escape_string($conn, $_SESSION['email']);
     // print_r($email);
     $sql = "DELETE FROM `users` WHERE `email`='$email'";
     $res = mysqli_query($conn, $sql);

diff --git a/forgot.php b/forgot.php
@@ -74,7 +74,7 @@
 
       if(isset($_POST['forgot']))
       {
-        $send_email_to = $_POST['email'];
+        $send_email_to = mysqli_real_escape_string($conn, $_POST['email']);
         $sql = "SELECT * FROM `users` WHERE `email`='$send_email_to'";
         $res = mysqli_query($conn, $sql);
         if(mysqli_num_rows($res) > 0)

diff --git a/index.php b/index.php
@@ -60,7 +60,7 @@
 
           if(isset($_POST['signin']))
           {
-            $email = $_POST['email'];
+            $email = mysqli_real_escape_string($conn, $_POST['email']);
             $password = base64_encode($_POST['password']);
             // "SELECT * FROM `people` WHERE name='$name'"
             $sql = "SELECT * FROM `users` WHERE `email`='$email' and `password`='$password'";

diff --git a/msgchecker.php b/msgchecker.php
@@ -2,7 +2,7 @@
 	session_start();
 	include 'connection.php';
 
-	$name = $_POST['name'];
+	$name = mysqli_real_escape_string($conn, $_POST['name']);
 	// $sql = "SELECT convs, stored_at, ip FROM conv WHERE name = '$name';";
 	$sql = "SELECT `convs`, `ip`, `stored_at` FROM `conv` WHERE chatroom = '$name' ORDER BY `id` DESC";
 	// print_r($sql);
@@ -19,7 +19,7 @@
 			while ($row = mysqli_fetch_assoc($result)) {
 				if($row['ip'] == $remote_ip)
 				{
-					$sql1 = "SELECT `convs`, `ip`, `stored_at` FROM `conv` WHERE chatroom = '$name' AND ip = $remote_ip ORDER BY `id` DESC";
+				$sql1 = "SELECT `convs`, `ip`, `stored_at` FROM `conv` WHERE chatroom = '$name' AND ip = $remote_ip ORDER BY `id` DESC";
 				$res = $res.'<div class="container1">';
 				$res = $res.'<b style="color: #fca400">You</b>';
 				$res = $res."<p>".$row['convs'];

diff --git a/msgpost.php b/msgpost.php
@@ -1,8 +1,8 @@
 <?php
 	include 'connection.php';
-	$msg = $_POST['text'];
-	$name = $_POST['name'];
-	$ip = $_POST['ip'];
+	$msg = mysqli_real_escape_string($conn, $_POST['text']);
+	$name = mysqli_real_escape_string($conn, $_POST['name']);
+	$ip = mysqli_real_escape_string($conn, $_POST['ip']);
 
 	$sql = "INSERT INTO `conv` (`convs`, `chatroom`, `ip`) VALUES ('$msg', '$name', '$ip')";
 	mysqli_query($conn, $sql);